Amazon announced the launch of new services of CloudHSM, which will provide Amazon Web Services users who need to meet corporate, contractual and regulatory compliance requirements for data security a way to do so by using a dedicated Hardware Security Module (the ‘HSM’ in CloudHSM) within the Amazon cloud. Until now, Amazon argues, the only option for many companies that use its cloud services was to store their most sensitive data – or the encryption keys to it – in their own on-premise data centers. This, of course, made it hard for these companies to fully migrate their applications to the cloud.
The new service, Amazon writes, can be used to support “a variety of use cases and applications, such as database encryption, Digital Rights Management (DRM), and Public Key Infrastructure (PKI) including authentication and authorization, document signing, and transaction processing.” The actual appliances are Luna SA modules from SafeNet, Inc.
The new CloudHSM service uses Amazon’s Virtual Private Cloud (VPC) and the appliances are provisioned inside the user’s VPC with an IP address the user specifies. The service, Amazon says, provides businesses with secure key storage and protects these keys with “tamper-resistant HSM appliances that are designed to comply with international (Common Criteria EAL4+) and U.S. Government (NIST FIPS 140-2) regulatory standards for cryptographic modules.”
0 comments:
Post a Comment